WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

NextGen Gallery < 3.5.0 - CSRF allows File Upload

Description

It was possible to bypass the "validate_ajax_request" function used to control access to ajax functions by sending a request without a nonce parameter. This could be used to upload arbitrary code to an image file. Although the uploaded file must be a valid image, it is possible to include PHP code in a valid image, which would be executed if included using the vulnerability in CVE-2020-35942

Affects Plugins

nextgen-gallery
Fixed in version 3.5.0

References

CVE
CVE-2020-35943
URL
https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgen-gallery-affect-over-800000-wordpress-sites/

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Ramuel Gall

Submitter

Ramuel Gall

Submitter twitter
ramuelgall
Verified

No

WPVDB ID
7e1f1083-4c41-41c8-bbf0-640484384196

Timeline

Publicly Published

2021-02-08 (about 1 years ago)

Added

2021-02-08 (about 1 years ago)

Last Updated

2021-02-09 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin